When assigning permissions to any user using Security Profiles, first thing to understand is that different sections are based on Objects, as explained here:
Object Level Security Best Practices
And in order to give access to some specific areas, a combination of object permissions must be assigned.
What combination of permissions can be assigned to a user to let him use Patch Management only?
Client Automation - 14.x
In order to assign permissions to use Patch Management, the following screenshots show a suggestions of permissions that can be assigned:
After these permissions are assigned to the user, he is able to login to WAC Console and manage patches:
Please note that the user will be able to see the Console section too, but he will be unable to perform any action (showing an "Access denied" error):